source: ralphm-patches/client_listen_authenticator.patch @ 54:03ec57713c90

wokkel/client.py

@@ -10 +10 @@
 that should probably eventually move there.
 """
 
+import base64
+
 from twisted.application import service
 from twisted.internet import reactor
 from twisted.names.srvconnect import SRVConnector
-from twisted.words.protocols.jabber import client, sasl, xmlstream
+from twisted.words.protocols.jabber import client, error, sasl, xmlstream
 
 from wokkel import generic
 from wokkel.subprotocols import StreamManager
 
+NS_CLIENT = 'jabber:client'
+
+XPATH_ALL = "/*"
+XPATH_AUTH = "/auth[@xmlns='%s']" % sasl.NS_XMPP_SASL
+XPATH_BIND = "/iq[@type='set']/bind[@xmlns='%s']" % client.NS_XMPP_BIND
+XPATH_SESSION = "/iq[@type='set']/session[@xmlns='%s']" % \
+                client.NS_XMPP_SESSION
+
 class CheckAuthInitializer(object):
     """
     Check what authentication methods are available.
@@ -51 +61 @@
     autentication.
     """
 
-    namespace = 'jabber:client'
+    namespace = NS_CLIENT
 
     def __init__(self, jid, password):
         xmlstream.ConnectAuthenticator.__init__(self, jid.host)
@@ -186 +196 @@
     c = XMPPClientConnector(reactor, domain, factory)
     c.connect()
     return factory.deferred
+
+
+
+class XMPPClientListenAuthenticator(xmlstream.ListenAuthenticator):
+    namespace = NS_CLIENT
+
+    def __init__(self, service):
+        self.service = service
+        self.failureGrace = 3
+        self.state = 'auth'
+
+
+    def associateWithStream(self, xs):
+        xmlstream.ListenAuthenticator.associateWithStream(self, xs)
+        self.xmlstream.addObserver(XPATH_ALL, self.onElementFallback, -1)
+
+
+    def onElementFallback(self, element):
+        if element.handled:
+            return
+
+        exc = error.StreamError('not-authorized')
+        self.xmlstream.sendStreamError(exc)
+
+
+    def streamStarted(self, rootElement):
+        xmlstream.ListenAuthenticator.streamStarted(self, rootElement)
+
+        # check namespace
+        #if self.xmlstream.namespace != self.namespace:
+        #    self.xmlstream.namespace = self.namespace
+        #    exc = error.StreamError('invalid-namespace')
+        #    self.xmlstream.sendStreamError(exc)
+        #    return
+
+        # TODO: check domain (self.service.domain)
+
+        self.xmlstream.sendHeader()
+
+        try:
+            stateHandlerName = 'streamStarted_' + self.state
+            stateHandler = getattr(self, stateHandlerName)
+        except AttributeError:
+            log.msg('streamStarted handler for', self.state, 'not found')
+        else:
+            stateHandler()
+
+
+    def toState(self, state):
+        self.state = state
+        if state == 'initialized':
+            self.xmlstream.removeObserver(XPATH_ALL, self.onElementFallback)
+            self.xmlstream.addOnetimeObserver(XPATH_SESSION, self.onSession, 1)
+            self.xmlstream.dispatch(self.xmlstream,
+                                    xmlstream.STREAM_AUTHD_EVENT)
+
+
+    def streamStarted_auth(self):
+        features = domish.Element((xmlstream.NS_STREAMS, 'features'))
+        features.addElement((sasl.NS_XMPP_SASL, 'mechanisms'))
+        features.mechanisms.addElement('mechanism', content='PLAIN')
+        self.xmlstream.send(features)
+        self.xmlstream.addOnetimeObserver(XPATH_AUTH, self.onAuth)
+
+
+    def onAuth(self, auth):
+        auth.handled = True
+
+        if auth.getAttribute('mechanism') != 'PLAIN':
+            failure = domish.Element((sasl.NS_XMPP_SASL, 'failure'))
+            failure.addElement('invalid-mechanism')
+            self.xmlstream.send(failure)
+
+            # Close stream on too many failing authentication attempts
+            self.failureGrace -= 1
+            if self.failureGrace == 0:
+                self.xmlstream.sendFooter()
+            else:
+                self.xmlstream.addOnetimeObserver(XPATH_AUTH, self.onAuth)
+
+            return
+
+        initialResponse = base64.b64decode(unicode(auth))
+        authzid, authcid, passwd = initialResponse.split('\x00')
+
+        # TODO: check passwd
+
+        # authenticated
+
+        self.username = authcid
+
+        success = domish.Element((sasl.NS_XMPP_SASL, 'success'))
+        self.xmlstream.send(success)
+        self.xmlstream.reset()
+
+        self.toState('bind')
+
+
+    def streamStarted_bind(self):
+        features = domish.Element((xmlstream.NS_STREAMS, 'features'))
+        features.addElement((client.NS_XMPP_BIND, 'bind'))
+        features.addElement((client.NS_XMPP_SESSION, 'session'))
+        self.xmlstream.send(features)
+        self.xmlstream.addOnetimeObserver(XPATH_BIND, self.onBind)
+
+
+    def onBind(self, iq):
+        def cb(boundJID):
+            self.xmlstream.otherEntity = boundJID
+            self.toState('initialized')
+
+            response = xmlstream.toResponse(iq, 'result')
+            response.addElement((client.NS_XMPP_BIND, 'bind'))
+            response.bind.addElement((client.NS_XMPP_BIND, 'jid'),
+                                  content=boundJID.full())
+
+            return response
+
+        def eb(failure):
+            if not isinstance(failure, error.StanzaError):
+                log.msg(failure)
+                exc = error.StanzaError('internal-server-error')
+            else:
+                exc = failure.value
+
+            return exc.toResponse(iq)
+
+        iq.handled = True
+        resource = unicode(iq.bind) or None
+        d = self.service.bindResource(self.username,
+                                      self.service.domain,
+                                      resource)
+        d.addCallback(cb)
+        d.addErrback(eb)
+        d.addCallback(self.xmlstream.send)
+
+
+    def onSession(self, iq):
+        iq.handled = True
+
+        reply = domish.Element((None, 'iq'))
+        reply['type'] = 'result'
+        if iq.getAttribute('id'):
+            reply['id'] = iq['id']
+        reply.addElement((client.NS_XMPP_SESSION, 'session'))
+        self.xmlstream.send(reply)
+
+
+